Control of Hybrid Automata with Hidden Modes: Translation to a ...

Control of Hybrid Automata with Hidden Modes: Translation to a Perfect State Information Problem Rajeev Verma and Domitilla Del Vecchio Abstract— In this paper, we consider the safety control problem for hybrid systems with hidden modes. In particular, we propose an approach to translate the control problem with imperfect mode information into an equivalent problem with perfect mode information. This approach is based on the notion of non-deterministic discrete information state as employed in the literature of games of imperfect information. We show that the safety control problems with imperfect information and perfect information are equivalent to each other under suitable detectability assumptions.

I. Introduction Most of the work on safety control for hybrid systems has been focusing on the control of systems in which full state information is available [15], [10]. However, in several cases of practical interest the state is not available to the controller because of sensor or communication limitations [5], [2], [3], [17]. In this paper, we propose an approach to solve this problem in the case when the continuous state of the system is measured, while the discrete state is not measured. Furthermore, the system is subject to continuous and discrete disturbance inputs while only a continuous control input is available. This problem is found in a number of scenarios, including intent-based conflict detection and avoidance for aircrafts [14], robotic games with imperfect information [5], and semi-autonomous cooperative active safety systems to prevent vehicle collisions [16]. The safety control problem for hybrid systems with hidden modes can be viewed as a game of imperfect information between the control and the disturbance. A common approach to solving games of imperfect information is to translate the problem to an equivalent one with perfect state information [11]. In particular, [17] tackles the control of hybrid automata with hidden modes by solving an equivalent control problem with perfect state information. This new control problem was addressed by computing a capture set dependent on the mode estimate and by then designing a dynamic feedback map that maintains the flow outside this capture set. However, the conditions for the equivalence between the solved control problem and the original one with imperfect state information imposed serious restrictions on the structure of the mode estimator. In this paper, we show that this R. Verma is with Systems Laboratory, University of Michigan, Ann Arbor. D. DelVecchio is with Department of Mechanical Engineering, MIT, Cambridge. Supported in part by NSF CAREER Award Number CNS-0642719. E-mail: [email protected]

equivalence can be proved under considerably less restrictive assumptions. Related Work. There is a large body of literature on the safety control of hybrid automata assuming perfect state information (see, for example, [15], [10]). The solution approach for general classes of hybrid automata is based on the calculation of the backward reachable set or the uncontrollable predecessor of a bad set [8]. This set comprises all states that lead to the bad set independently of the input choice. Here, we call this set “the capture set”. A feedback controller is then constructed that keeps the system state out of the capture set. The safety control problem in the case when the set of observations is a partition of the state space was discussed by [13]. The problem was first transformed into a game of perfect information and a controller with memory was derived. The proposed algorithm can deal with a system with finite number of states. It excludes important classes of systems such as timed and hybrid automata. The safety control problem with imperfect state measurement for discrete and hybrid systems was discussed by [19]. A solution to the control problem for rectangular hybrid automata that admit a finite-state abstraction was presented. Dynamic feedback in a special class of hybrid systems with imperfect discrete state information was discussed in [2]. Dynamic control of block triangular order preserving hybrid automata under imperfect continuous state information was considered in [3] for discrete time systems and in [4] for continuous time systems. This paper is organized as follows. Section II introduces the hybrid automaton model. In Section III, the control problem with imperfect state information is defined and an alternative problem with perfect state information is proposed. Section IV shows the equivalence between the two problems. Section V illustrates the basic concepts on an application example. II. The System Model and Information Structure Consider the hybrid automaton given by the tuple H = (Q, X, U, ∆, Σ, Inv, R, f ), in which Q is a finite set of modes, X is a vector space, U is a continuous set of control inputs, ∆ is a continuous set of disturbances, Σ is a finite set of disturbance events, Inv is a discrete set of silent events with Σ ∩ Inv = ∅, R : Q × Σ → Q is the discrete state update map, f : X × Q × U × ∆ → X is the vector field, which is allowed to be discontinuous in the

first argument to model autonomous discrete transitions. SN Let τ˜ = i=0 [τi , τ′i )] be a hybrid time trajectory such that ′ σ(τi ) ∈ Σ and σ(t) ∈ Inv for t ∈ [τi , τ′i ) for all i such that τi < τ′i . The “)]” parenthesis denotes that the last interval (if N < ∞) may be open or closed. We represent H by the following equations q(τi+1 )

=

R(q(τ′i ), σ(τ′i )), σ(τ′i ) ∈ Σ

x˙(t)

=

f (x(t), q(t), u(t), d(t)), d(t) ∈ ∆, σ(t) ∈ Inv,

(1)

in which τi for i ∈ {0, ..., N} are the times at which a discrete transition takes place and are such that τi ≤ τ′i = τi+1 , q(τi+1 ) denotes the value of q after the ith transition, q(t) := q(supτi ≤t τi ), t ∈ τ˜ and σ(t) ∈ Inv, x(0) = x0 ∈ X, q(τ0 ) = q0 ∈ Q. We assume without loss of generality that τ0 = 0. In this model, multiple discrete transitions can occur at the same time as we can have τi = τi+1 = ... = τi+p for any arbitrary p ≤ N. The signal q(t) is a piece-wise continuous signal of time with the property that q(t) = limδ→0+ q(t + δ) ∀t ≥ 0 but limδ→0+ q(t − δ) , q(t) if t = τi for some i. Basically, at the transition time t, q(t) takes the value established by the last transition occurring at time t and it maintains this value until the next transition. Since discrete transitions change only the discrete state, we have that x(τi+1 ) = x(τ′i ) for all i. For convenience, we take the set Inv to be a singleton, denoted ǫ. This model is a special case of the general hybrid automaton model in standard references [12], in which there is no continuous state reset and no discrete control inputs. It may be noticed here that although the jump predicate is missing, the vector field is allowed to be discontinuous, which can model switches in vector field resulting from autonomous discrete transitions. An example is provided in Section V. We denote by τ˜ t the hybrid time trajectory up to time t for t ∈ τ˜ , that is, letting Nt := sup{i|τ′i ≤ t} we S Nt S have τ˜ t = i=0 [τi , τ′i ] [τNt +1 , t], in which τNt +1 = t if there are discrete transitions at time t. We denote by σ˜ t : τ˜ t → Σ the discrete disturbance input signal up to time t. It forces discrete transitions at the times τ′i and it keeps a constant value in Inv in between transitions times, that is, for t ∈ [τi , τ′i ) for τi < τ′i . We denote by u˜ t : [0, t) → U the piecewise continuous control input signal up to time t, and by d˜t : [0, t) → ∆ the piecewise continuous disturbance input signal up to time t. Given these input signals and initial conditions (q0 , x0 ) ∈ Q × X, the discrete and continuous trajectories at any time τ ≤ t are denoted by φq (τ, q0 , σ ˜ τ ) := q(τ) and φ x (τ, (x0 , q0 ), u˜ τ , d˜τ , σ ˜ τ ), respectively. Note that according to the definition of q(t), we have that φq (0, q0, σ ˜ 0 ) = q0 if and only if τ0 < τ1 . We define φ x (0, (x0, q0 ), u˜ 0 , d˜0 , σ ˜ 0 ) := x0 . The continuous trajectory x(τ) := φ x (τ, (x0 , q0 ), u˜ τ , d˜τ, σ ˜ τ ) satisfies x˙(τ) = f (x(τ), φq (τ, q0 , σ ˜ τ ), u(τ), d(τ)) ∀τ ≤ t. For an initial set of modes q¯ ⊂ Q, we denote the set of modes

reachable from q¯ under R as R(q) ¯ and it is defined as [[[ R(q) ¯ := φq (t, q0 , σ ˜ t ). q0 ∈q¯ t≥0 σ ˜t

Since multiple discrete transitions can occur at one time, any of these modes can be reached in no time from q. ¯ The trajectories of system (1) satisfy the following concatenation property. For any t > 0 and t1 , t2 > 0 such that t1 + t2 = t, we have that φq (t, q0 , σ ˜ t ) = φq (t2 , q′0 , σ ˜ ′t2 ) ′ ′ with q0 = φq (t1 , q0 , σ ˜ t1 ), σ (τ) = σ(t1 + τ) ∀ τ ≥ 0 and φ x (t, (q0 , x0 ), u˜ t , d˜t , σ ˜ t ) = φ x (t2 , (q′0 , x′0 ), u˜ ′t2 , d˜t′2 , σ ˜ ′t2 ) with ′ ′ ˜ x0 = φ x (t1 , (q0 , x0 ), u˜ t1 , dt1 , σ ˜ t1 ), u (τ) = u(t1 + τ) ∀ τ ≥ 0, d′ (τ) = d(t1 + τ) ∀ τ ≥ 0. The concatenation property implies that the value of (q(t), x(t)) can be uniquely determined by the values of q and x at some time t1 < t and by the values of the inputs after time t1 . A. The non-deterministic discrete information state In system (1), only x is measured while q is not. At time t, the available information on the system is given by the history signal η˜ t := (u˜ t , x˜t ) with x˜t : [0, t] → X. We also denote η(t) := (u(t), x(t)). We define η0 := (q¯ 0 , x0 ) with q¯ 0 ⊂ Q such that q0 ∈ q¯ 0 . This is the initial information that we have on the state of the system. On the basis of the history up to time t, we define the non-deterministic discrete information state. Definition 1: The non-deterministic discrete information state at time t is the set q( ¯ η˜ t ) ⊂ Q defined as    q ∈ Q | ∃ q0 ∈ q¯ 0 , σ ˜ t s.t. q = φq (t, q0 , σ ˜ t )            ˜   and ∃ dt s.t.    . q( ¯ η˜ t ) :=      x˙(τ) = f (x(τ), φq (τ, q0 , σ ˜ τ ), u(τ), d(τ))             for all τ < t Basically, q( ¯ η˜ t ) is the set of all current modes that are compatible with the measured continuous state trajectory and with the discrete state update map R. A consequence of this definition is that the set of all possible modes at time t = 0, that is, q(η ¯ 0 ), given that η0 = (q¯ 0 , x0 ) is given by q(η ¯ 0 ) = R(q¯ 0 ) due to the possibility of multiple instantaneous transitions. Definition 2: (Weakly detectable modes) We say that qi ∈ Q is weakly detectable provided for all (u, x) ∈ U × X ¯ for all there is d ∈ ∆ such that f (x, qi , u, d) , f (x, q j , u, d) ¯ d ∈ ∆ and q j , qi . A mode is weakly detectable when there is a disturbance action that uniquely reveals the identity of the mode. Of course, the disturbance may choose to always play in a range so that the identity of the mode is never revealed. The property of weak detectability is useful for characterizing the possible transitions of the nondeterministic information state. In the sequel, we thus assume that all the modes in H are weakly detectable: Assumption 1: All modes in Q are weakly detectable. If all modes are weakly detectable, there is a disturbance action at time 0+ which leads to a measurement η(0+ )

that is compatible with only one of the modes possible at time 0. This fact and the fact that H can have multiple mode transitions at the same time leads to the following proposition. Proposition 1: Let q¯ ∈ 2Q with qi ∈ q¯ and let η0 = (q, ¯ x0 ). Then, Assumption 1 implies that there is η(0+ ) such that q( ¯ η˜ 0+ ) = R(qi ). Because in H multiple mode transitions are possible at the same time, if qi ∈ q( ¯ η˜ t ), then all modes reachable from qi can also be in q( ¯ η˜ t ). Furthermore, if the measured signal x(t) for all t is generated under mode qi , then the non-deterministic discrete information state is constant for all time and equals R(qi ). This is formally stated by the following proposition. Proposition 2: Let η0 = (R(qi ), x0 ) and let η˜ t = (u˜ t , x˜t ) with x(t) = φ x (t, (x0 , qi ), u˜ t , d˜t , ǫ) for all t ≥ 0. Then, for all d˜t we have q( ¯ η˜ t ) = R(qi ) for all t ≥ 0. Finally, the fact that the trajectories of system H enjoy the concatenation property and the definition of q( ¯ η˜ t ) implies also that q( ¯ η˜ t ) enjoys the concatenation property. The next section introduces the safety control problem for the hybrid automaton with hidden modes H.

An immediate consequence of this fact is that if the map π keeps the trajectory of H π outside B starting from initial information η0 = (q¯ 0 , x0 ), it also keeps the trajectory of H π outside B starting from initial information η′0 = (q( ¯ η˜ t1 ), x(t1 )) for all t1 > 0. This is formally stated by the following proposition. Proposition 3: Let π be such that with η0 = (q¯ 0 , x0 ) we have φπx (t, (q0 , x0 ), d˜t , σ ˜ t ) < B for all q0 ∈ q¯ 0 , d˜t , σ˜ t and t ≥ 0. Then for all t1 > 0, π is such that with η′0 = (q( ¯ η˜ t1 ), x(t1 )) we have φπx (t, (q′0 , x(t1 )), d˜t′ , σ ˜ ′t ) < B for all ′ ′ ′ q0 ∈ q( ¯ η˜t1 ), d˜t , σ ˜ t and t ≥ 0. Note that since q(η ¯ 0 ) = R(q¯ 0 ), we have that Cq¯ = CR(q) ¯ for all modes q¯ ∈ 2Q . This is formally stated in the following proposition. Proposition 4: For all q¯ ∈ 2Q , we have that Cq¯ = CR(q) ¯ . For system H, we define the uncontrollable predecessor operator for a fixed mode qi ∈ Q and a set S ⊆ X as PreH (qi , S ) := {x0 ∈ X | ∀ π, ∃ d˜t s.t. φπx (t, (qi , x0 ), d˜t , ǫ) ∈ S }. It represents the set of all states that are taken to S independently of the feedback map whenever the mode is constant to qi .

III. The Control Problem with Imperfect Mode Information

A. Transforming the problem to a perfect state information control problem

Let B ⊂ X be a set of continuous states to be avoided. We consider the problem of designing a dynamic feedback map that guarantees that the state never enters B for a suitable set of initial conditions. In particular, let π : 2Q × X → U and denote the closed-loop system H under such a map by H π , whose trajectories are those of H once we set u(t) = π(q( ¯ η˜ t ), x(t)). We denote the x-trajectory of H π by π ˜ t ). We thus seek to determine the set of φ x (t, (x0 , q0 ), d˜t , σ all initial conditions η0 such that no feedback map π with initial information q(η ¯ 0 ) exists that can keep the trajectory φπx (t, (x0 , q0 ), d˜t , σ ˜ t ) out of B for all time when q0 ∈ q¯ 0 . This set is called the capture set and can be written as [  C= q, ¯ Cq¯ , q∈2 ¯ Q

in which Cq¯ := {x0 ∈ X | ∀ π, ∃ q0 ∈ q, ¯ σ˜ t , d˜t , t ≥ π ˜ 0 s.t. φ x (t, (x0 , q0 ), dt , σ ˜ t ) ∈ B}. The set Cq¯ is the set of all continuous states that enter B independently of the feedback map when the mode of the system starts in the set q. ¯ This set is also referred to as mode-dependent capture set. Therefore, we state the problem as follows: Problem 1: (Control Problem with Imperfect State Information) Determine the capture set C and the set of feedback maps π such that if η(0) < C, then (q(η(t)), ¯ x(t)) < C for all t ≥ 0. As a direct consequence of the facts that q( ¯ η˜ t ) enjoys the concatenation property, that the open loop trajectories enjoy the concatenation property, and that π is a timeinvariant map from 2Q ×X to U, the trajectory of the closed loop system H π also enjoys the concatenation property.

One of the difficulties of solving Problem 1 resides in the fact that the set q( ¯ η˜ t ) is computed on the basis of the entire system history up to time t and keeping track of this growing history is prohibitive. We therefore translate Problem 1 to an equivalent control problem with perfect state information as performed in the theory of games with imperfect information [11]. In order to define a control problem with perfect state information, we construct a discrete state estimate. A discrete state estimate is a time-dependent set, denoted q(t) ˆ ∈ 2Q , with the properties that (i) q( ¯ η˜ t ) ⊆ q(t) ˆ for all t ≥ 0; (ii) For t2 ≥ t1 , we have that q(t ˆ 2 ) ⊆ R(q(t ˆ 1 )). We note here that q(t) ˆ = Q for t ≥ 0 always satisfies (i) and (ii), but in general, it is easy to construct an update law for q(t) ˆ as we show in Section V. In the case in which in (i) equality holds for all t, the estimate is said exact. Define ˆ R, ˆ f ), the new hybrid automaton Hˆ = (2Q , X, U, ∆, Y, Inv, in which 2Q is a new set of discrete states, Y is a set ˆ is a set of silent events with of discrete events, Inv ˆ = ∅, Rˆ : 2Q × Y → 2Q is a discrete state transition Y ∩ Inv SNˆ map 1 . Let τ˜ˆ = i=0 [ˆτi , τˆ ′i )] be a hybrid time trajectory ˆ for t ∈ [ˆτi , τˆ ′ ) such that τˆ 0 = τ0 , y(ˆτ′i ) ∈ Y and y(t) ∈ Inv i ′ for all i such that τˆ i < τˆ i . We represent Hˆ by the following equations q(ˆ ˆ τi+1 ) x˙ˆ(t)

ˆ q(τ = R( ˆ ′i ), y(ˆτ′i )), y(ˆτ′i ) ∈ Y ∈

(2) ˆ f ( xˆ(t), q(t), ˆ u(t), d(t)), d(t) ∈ ∆, y(t) ∈ Inv

1 It is important to note here that the discrete state space of H ˆ is a subset of 2Q . Section V provides an illustration of this.

in which we have defined q(t) ˆ := q(sup ˆ ˆ i ) ∀ t ∈ τˆ˜. The τˆ i ≤t τ map Rˆ is such that q(t) ˆ is a discrete state estimate, xˆ(0) = ˆ q, x0 and q(ˆ ˆ τ0 ) = q¯ 0 . This in turn implies that (a) R( ˆ y) ⊆ R(q) ˆ for all y ∈ Y and qˆ ∈ 2Q and that (b) τˆ ′0 = τˆ 0 = 0 and ˆ q(ˆ y(ˆτ′0 ) is such that R( ˆ τ′0 ), y(ˆτ′0 )) := R(q(ˆ ˆ τ′0 )) = R(q¯ 0 ). Fix any T > 0, y(t) derives information from xτ∈[t−T,t] for t > T about the values of x˙(τ) for τ < t and uses this information to determine the current values of q compatible with such a derivative (see [5], [1], [6] for details). We denote by τ˜ˆ t the hybrid time trajectory of Hˆ up to time t for t ∈ τ˜ˆ , that is, let Nˆ t := sup{i|ˆτ′i ≤ t}, S SNˆ t [ˆτi , τˆ ′i ] [ˆτNˆ t +1 , t], in which τNˆ t +1 = t if then τ˜ˆ t = i=0 there are discrete transitions at time t. We denote by y˜t : [0, t] → Y the discrete “disturbance” input signal up to time t. It forces discrete transitions at the times τˆ ′i and ˆ in between transitions it keeps a constant value in Inv ′ times, that is, for t ∈ [ˆτi , τˆ i ) for τˆ i < τˆ ′i . This signal is a disturbance for system Hˆ as it is not a controlled signal but it is driven by nature’s actions. Given initial conditions (q¯ 0 , x0 ) ∈ 2Q ×X, the discrete and continuous trajectories of Hˆ at any time τ ≤ t are denoted by φqˆ (τ, q¯ 0 , y˜ τ ) := q(τ) ˆ and φ xˆ (τ, (q¯ 0 , x0 ), u˜ τ , d˜τ , y˜ τ ) := xˆ(τ), respectively. We define φ xˆ (0, (q¯ 0, x0 ), u˜ 0 , d˜0 , y˜ 0 ) := x0 . Any continuous trajectory xˆ(τ) satisfies x˙ˆ(τ) ∈ f ( xˆ(τ), φqˆ (τ, q¯ 0 , y˜ τ ), u(τ), d(τ)) ∀ τ ≤ t. ˆ is a singleton and is equal to ǫ. We assume that Inv In system (2), the state is known as q(t) ˆ is known and xˆ(t) = x(t) is measured. Basically, the xˆ dynamics in (2) describes the set of dynamics of x that are compatible with the current discrete state estimate. Since q(t) ˆ is a discrete state estimate of q(t), any continuous state trajectory ˆ possible in H is also possible in H. Let πˆ : 2Q × X → U be a feedback map. We denote the closed loop system Hˆ by Hˆ πˆ , the system in equations (2), in which we have set u(t) = πˆ (q(t), ˆ xˆ(t)). The capture set for system Hˆ is given by [  Cˆ := q, ¯ Cˆ q¯ , q∈2 ¯ Q

in which Cˆ q¯ := {x0 ∈ X | ∀ πˆ , ∃ d˜t , y˜ t , t ≥ ¯ x0 ), d˜t , y˜ t ) ∈ B}. 0 s.t. some φπxˆˆ (t, (q, For a hybrid time trajectory such that τˆ ′0 = ∞, we have that y(t) = ǫ for all t ≥ 0. We denote the corresponding continuous trajectory of Hˆ by xˆ(t) = φ xˆ (τ, (x0 , q¯ 0 ), u˜ τ , d˜τ , ǫ) and it is such that it satisfies x˙ˆ(t) ∈ f ( xˆ(t), q¯ 0 , u(t), d(t)) for all t ≥ 0. We thus define for a set S ⊂ X and q¯ ∈ 2Q the uncontrollable predecessor operator for Hˆ as Pre(q, ¯ S ) := {x0 ∈ X | ∀ πˆ ∃ d˜t , t ≥ 0, s.t. some φπxˆˆ (t, (x0 , q), ¯ d˜t , ǫ) ∈ B}. This set represents the set of all states that are mapped to B when the mode estimate is constant to q. ¯ When q¯ = qi ∈ q, the Pre operator simplifies to Pre(qi , B) = PreH (qi , B). We now state the new control problem as follows. Problem 2: (Control Problem with Perfect State Information) Determine the capture set Cˆ and the set of feedˆ then all (q(t), back maps πˆ such that if η(0) < C, ˆ xˆ(t)) < Cˆ for all t ≥ 0.

This is a perfect state information problem as the hybrid state is known to the controller. This problem has been solved in [17], in which an algorithm for the computation of the mode-dependent capture sets Cˆ q¯ was provided along with termination conditions. We recall this algorithm here for completeness. Let 2Q = {qˆ 1 , ..., qˆ M }, be the discrete state space of system Hˆ and define the tuple of sets S i ∈ 2X for i ∈ {1, . . . , M}. We define the map G : (2X ) M → (2X ) M as  S     Pre qˆ 1 , { j|qˆ j ∈R(  ˆ qˆ 1 ,Y)} S j ∪ B   . ..  G(S ) :=      S Pre qˆ M , { j|qˆ j ∈R( ˆ qˆ M ,Y)} S j ∪ B and consider the following iteration: Algorithm 1: S 0 := (S 10 , S 20 , . . . , S 0M ) := (∅, . . . , ∅), 1 S = G(S 0 ) while S k−1 , S k S k+1 = G(S k ) end. In [17], it was shown that if Algorithm 1 terminates, the fixed point is equal to the tuple of sets (Cˆ qˆ 1 , . . . , Cˆ qˆ M ). Furthermore, [7] presented a linear complexity algorithm for computation of the Pre operator for the special case when the system dynamics are order preserving. In this paper, we focus on determining conditions under which Problems 1 and 2 are equivalent. Specifically, we formalize the equivalence between these two problems through the following definition. Definition 3: (Equivalence) We say that Problem 1 and Problem 2 are equivalent provided Cq¯ = Cˆ q¯ for all q¯ ∈ 2Q . The next section is devoted to proving the equivalence between Problems 1 and 2. IV. Showing the Equivalence We show the equivalence between Problem 1 and Problem 2 by first showing that Cq¯ ⊆ Cˆ q¯ and by then showing the reverse inclusion Cq¯ ⊇ Cˆ q¯ . Lemma 1: For all q¯ ∈ 2Q , we have that Cq¯ ⊆ Cˆ q¯ . Proof: Proceeding by contradiction argument, assume that x0 ∈ Cq¯ but x0 < Cˆ q¯ . Since x0 ∈ Cq¯ , for all feedback maps π with initial non-deterministic information state q(η ¯ 0 ) = R(q), ¯ there is q0 ∈ q, ¯ σ ˜ t , d˜t , and π ˜ t ≥ 0 such that φ x (t, (q0 , x0 ), dt , σ ˜ t ) ∈ B. However, because x0 < Cˆ q¯ , there is a feedback map πˆ with q(0) ˆ = R(q) ¯ such that for all d˜t , y˜ t , t ≥ 0 all flows φπxˆˆ (t, (q, ¯ x0 ), d˜t , y˜ t ) < B. In particular, this is true for y˜ ∗t such that y∗ (t) = ǫ for all t > 0, which implies that q(t) ˆ = q(0) ˆ = R(q) ¯ for all t ≥ 0. Thus, there is a simple feedback map π′ (x) := πˆ (q(0), ˆ x) such ′ that for all d˜t and t ≥ 0 all flows φπxˆˆ (t, (q, ¯ x0 ), d˜t , y˜ ∗t ) < B ′ for all t ≥ 0. A trajectory xˆ(t) = φπxˆˆ (t, (q, ¯ x0 ), d˜t , y˜ ∗t ) is in turn by definition any trajectory satisfying x˙ˆ(t) ∈ f ( xˆ(t), R(q), ¯ π′ ( xˆ(t)), d(t)).

(3)

′ Similarly, x(t) = φπx (t, (q0 , x0 ), d˜t , σ ˜ t ) with q0 ∈ q¯ is any trajectory satisfying x˙(t) = f (x(t), φq (t, q0 , σ ˜ t ), π′ (x(t)), d(t)). Since q0 ∈ q, ¯ it follows that any such x(t) satisfies also (3) for all σ ˜ t and d˜t . As a consequence, π′ is π′ such that φ x (t, (q0 , x0 ), d˜t , σ ˜ t ) < B for all t ≥ 0, all d˜t , and all σ ˜ t . This contradicts that x0 ∈ Cq¯ . Therefore, it must be that x0 ∈ Cˆ q¯ . We next focus on showing that Cˆ q¯ ⊆ Cq¯ . This is S proven by first showing that Cˆ q¯ ⊆ q∈R(q) ¯ Pre(q, B) and S by then showing that q∈R(q) Pre(q, B) ⊆ C q¯ . In order to ¯ show the first inclusion, we need the following structural assumption. Assumption 2: For all q¯ ∈ 2Q we have that Pre(q, ¯ B) = S Pre(q , B). i qi ∈q¯ This assumption is satisfied if any x that is reachable by a trajectory of system Hˆ when the mode is equal to qˆ = {q1 , ..., qn} is also reachable by a trajectory of Hˆ when the mode is equal to qˆ = {qi } for at least one i ∈ {1, ..., n}. This assumption can be in general checked computationally. In the special case in which the dynamics of x for q ∈ q¯ and d ∈ ∆ are order preserving, the assumption is automatically satisfied (see Proposition 5 in the Appendix). This assumption enables the proof of the following result. Lemma 2: If Algorithm 1 terminates, under AssumpS tions 1 and 2 we have that Cˆ q¯ ⊆ q∈R(q)¯ Pre(q, B). Proof: If Algorithm 1 terminates in n steps,  we can write Cˆ q¯ = S S Pre q, ¯ Pre qˆ j1 , qˆ j ∈R( Pre qˆ j2 , ... ˆ q,Y) qˆ j1 ∈R( ¯  2 ˆ qˆ j1 ,Y) S ˆ q, Pre( q ˆ , B)... . Having q ˆ j1 ∈ R( ¯ Y) ˆ qˆ j ,Y) jn−1 qˆ jn−1 ∈R( n−2 ˆ implies (by the definition of R) that qˆ j1 ⊆ R(q). ¯ Since we also have that qˆ jk ⊆ R(qˆ jk−1 ) for k ∈ {2, ..., n − 1}, it follows that qˆ jk ⊆ R(q). ¯ From the properties of the Pre operator (see [17]), we have that Pre(qˆ jn−1 , B) ⊆ Pre(R(q), ¯ B) and  thus that S S Cˆ q¯ ⊆ Pre q, ¯ qˆ j ∈R( Pre q ˆ , ˆ j2 , ..., ˆ q,Y) ˆ qˆ j ,Y) Pre q j ¯ 1 qˆ j2 ∈R( 1  1  S ˆ jn−2 (Pre(R(q), ¯ B)) ... . In this ˆ qˆ j ,Y) Pre q qˆ jn−2 ∈R( n−3 S expression, we in turn have that qˆ j ∈R( ˆ jn−2 , ˆ qˆ j ,Y) Pre(q n−2 n−3 (Pre(R(q), ¯ B)) ⊆ Pre(R(q), ¯ (Pre(R(q), ¯ B))). By continuing substituting qˆ k with R(q), ¯ we finally obtain that Cˆ q¯ ⊆ Pre (R(q), ¯ Pre (R(q), ¯ ..., Pre(R(q), ¯ B)...)) , which by the properties of the Pre operator is equal to Pre(R(q), ¯ B). S By Assumption 2, Pre(R(q), ¯ B) = Pre(q, B), q∈R( q) ¯ S leading to Cˆ q¯ ⊆ q∈R(q)¯ Pre(q, B). The next two lemmas are intermediate steps needed to S show that q∈R(q) ¯ Pre(q, B) ⊆ Cq¯ . Lemma 3: For all qi ∈ Q, we have that Pre(qi , B) ⊆ CR(qi ) . Proof: Assume by contradiction argument that x0 ∈ Pre(qi , B) but x0 < CR(qi ) . By the definition of Pre, it follows that for all maps π(qi , x) there is d˜t such that φπx (t, (qi , x0 ), d˜t , ǫ) ∈ B. Since the first argument of π is constant to qi , we can define the new map π¯ (x) := π(qi , x). Then x0 ∈ Pre(qi , B) implies that for all feedback maps

π¯ (x) there is d˜t such that φπx¯ (t, (qi , x0 ), d˜t , ǫ) ∈ B. If x0 < CR(qi ) , there is a feedback map π(q( ¯ η˜ t ), x) such that for all q0 ∈ R(qi ), σ ˜ t , d˜t , it guarantees that φπx (t, (q0 , x0 ), d˜t , σ ˜ t) < B for all t ≥ 0. In particular, such a feedback map guarantees that φπx (t, (q0 , x0 ), d˜t , σ ˜ t ) < B for q0 = qi and σ˜ t = ǫ. That is, φπx (t, (qi , x0 ), d˜t , ǫ) < B for all t ≥ 0. By Proposition 2, we have that φπx (t, (qi , x0 ), d˜t , ǫ) for all d˜t is such that q( ¯ η˜ t ) = R(qi ) for all t ≥ 0. As a consequence, the map π(q(η ¯ t ), x) that guarantees φπx (t, (qi , x0 ), d˜t , ǫ) < B for all t ≥ 0 is just a simple map from x as q(η ¯ t ) is constant for all time. That is, we can define the new map π¯ (x) := π(R(qi ), x) so that for all d˜t , it guarantees that φπx¯ (t, (qi , x0 ), d˜t , ǫ) < B for all t. This contradicts the fact that x0 ∈ Pre(qi , B). Hence, if x0 ∈ Pre(qi , B) also x0 ∈ CR(qi ) , leading to the desired result. This result is non-trivial because the feedback map involved in the definition of Pre(qi , B) is a simple feedback map from x, while the one involved in the definition of CR(qi ) has more information than only x, which derives from the current non-deterministic discrete information state. Lemma 4: Let qi ∈ q¯ ∈ 2Q . Then, CR(qi ) ⊆ Cq¯ . Proof: Let x0 ∈ CR(qi ) , then for all feedback maps π with initial information q(η ¯ 0 ) = R(qi ), there are q0 ∈ R(qi ), ˜ t ) ∈ B. σ˜ t , d˜t , and t ≥ 0 such that φπx (t, (q0 , x0 ), d˜t , σ Assume that x0 < Cq¯ . Since Cq¯ = CR(q)¯ by Proposition 4, there is a feedback map π∗ with initial information q(η ¯ 0 ) = R(q) ¯ such that for all q0 ∈ R(q), ¯ d˜t , σ ˜ t, t ≥ 0 ∗ φπx (t, (q0 , x0 ), d˜t , σ ˜ t ) < B. In particular, this must be true for all q0 ∈ R(qi ) ⊆ R(q) ¯ and for d˜t such that d(0) causes ¯ η˜ 0+ ) = R(qi ), which exists from Proposition 1. η˜ 0+ with q( Since x(0+ ) = x(0) = x0 and q( ¯ η˜ 0+ ) = R(qi ), by Proposition 3, feedback map π∗ with η′0 = (x0 , R(qi )) is such that ∗ for all q0 ∈ R(qi ), σ˜ t , d˜t , t ≥ 0, φπx (t, (q0 , x0 ), d˜t , σ ˜ t ) < B. This, however, contradicts that x0 ∈ CR(qi ) . Thus if x0 ∈ CR(qi ) we must also have that x0 ∈ Cq¯ , leading to the desired result. Note that if R(qi ) ⊂ q, ¯ this result is trivial. However, in general R(qi ) ⊂ q¯ is not true. Nevertheless, because of Proposition 1, we can have an instantaneous transition form q¯ to R(qi ), which leads to having CR(qi ) ⊆ Cq¯ . Lemma 5: For all q¯ ∈ 2Q , we have that S q∈R(q) ¯ Pre(q, B) ⊆ Cq¯ . Proof: By Lemma 4, for all qi ∈ q¯ we have that CR(qi ) ⊆ Cq¯ . Therefore, we have that S qi ∈q¯ CR(qi ) ⊆ Cq¯ . Employing Lemma 4 again, we obtain that for all q′i ∈ R(qi ) we have that CR(q′i ) ⊆ S CR(qi ) , so that q′i ∈R(qi ) CR(q′i ) ⊆ CR(qi ) . As a conseS S quence, we have that qi ∈q¯ q′i ∈R(qi ) CR(q′i ) ⊆ Cq¯ , in which S S S ′ = q∈R(q) qi ∈q¯ q′i ∈R(qi ) CR(q ¯ CR(q) .SEmploying Lemma Si ) 3, we obtain that q∈R(q) ¯ Pre(q, B) ⊆ q∈R(q) ¯ CR(q) , leading to the desired result. Theorem 1: If Algorithm 1 terminates, under Assumptions 1 and 2 Problem 1 and Problem 2 are equivalent.

500

400

400 3

600

500

300

x

x3

600

200

200

100 0 0

100

200

400

is equipped with a cooperative active safety system and communicates with the infrastructure via wireless. Vehicle 2 (humandriven) is not equipped and does not communicate with the infrastructure. A collision occurs when more than one vehicle occupies the conflict area at one time. (Right) Diagram repreˆ senting map R and diagram representing map R.

Proof: Lemma 2 and Lemma 5 prove that for all q¯ ∈ 2Q we have that Cˆ q¯ ⊆ Cq¯ . The reverse inclusion is proven by Lemma 1. V. Application Example As an example, consider the conflict resolution problem between two vehicles as depicted in Figure 1. The autonomous vehicle communicates with the infrastructure and has access to position and speed information about all vehicles in the intersection. The human-driven vehicle does not communicate. In order to reduce the uncertainty on its behavior, we consider a human driving model with three modes: acceleration a, coasting c, and braking b. The system can start in any of these modes and the human driven vehicle can transit from acceleration, to coasting, to braking, to model the fact that as it approaches the intersection, it may decide that it is safe to slow down [9]. This scenario can be modeled by the system H = (Q, X, U, ∆, Σ, Inv, R, f ), in which Q = {a, c, b}, ¯ d], ¯ Σ = {σ∗ }, and R : Q × Σ → Q is U = [uL , uH ], ∆ = [−d, represented in the top right diagram of Figure 1. Denoting x = (x1 , x2 , x3 , x4 ) with x1 = p1 , x2 = v1 , x3 = p2 , x4 = v2 , the unsafe set is given by B = {x | (x1 , x3 ) ∈ [L1 , U1 ] × [L2 , U2 ]}. The vector field f is piece-wise continuous and given by f (x, q, u, d) = ( f1 (x, u), f2 (x, q, d)), with   (x , α), if x2 ∈ (vmin , vmax )    2 (x2 , 0), if x2 ≤ vmin and α < 0 f1 (x, u) =  (4)    or x ≥ v and α > 0,  2 max  (x , β + d), if x4 ∈ (vmin , vmax )    4 q (x4 , 0), if x4 ≤ vmin and βq + d < 0 f2 (x, q, d) =     or x4 ≥ vmax and βq + d > 0, (5) in which α = k1 u − k2 x22 − k3 [18]. It describes the vehicles longitudinal dynamics along their paths. Here, we assume that βb < 0, βc = 0, and βa > 0, with d¯ < |βq | < 2d¯ for q ∈ {a, b}. This guarantees that Assumption 1 is satisfied for x2 and x4 both in the open interval (vmin , vmax ). This also implies that there is a confusion between modes b ˆ in and c and between modes c and a. The estimator H,

0 0

600

(a)

1

200

400

x

1 600

500

500

500

400

400

400

300

200

200

100

100

0 0

200

400

x

1

600

(c)

0 0

x

300

3

600

3

600

x

x

3

x

Fig. 1. Two-vehicle Conflict Scenario. Vehicle 1 (autonomous)

300

600

(b)

300 200 100

200

400

x

1

600

(d)

0 0

200

400

x

1

600

(e)

In each of the plots (a)–(e), the red box represents [L1 , U1 ] × [L2 , U2 ]. Since the sets Pre(q, ˆ B)H and Pre(q, ˆ B)L are four dimensional, we plot slices of these sets in the (x1 , x3 ) position plane corresponding to the current speed values (x2 , x4 ). The black solid lines delimit the slice of the set Pre(q, ˆ B)H in position plane for the current speeds values (x2 , x4 ). Similarly, the green dashed lines delimit the slice of the set Pre(q, ˆ B)L in position plane for the same current speeds values (x2 , x4 ). The intersection of these two slices delimits the slice of the current mode dependent capture set Cˆ qˆ for the same current speeds values (x2 , x4 ). The red circle denotes the current position x1 , x3 , while the blue trace represents the projection in the position plane of the continuous trajectory of H. Plot (a) shows the initial configuration in the position plane. Here, the current mode estimate is qˆ = {a, b, c}. Plot (b) shows the mode estimate switching to qˆ = {c, b}. Plot (c) shows the time at which the mode estimate becomes qˆ = {b}, so that the current mode is locked. Plot (d) shows when the continuous state hits the boundary of the current mode-dependent capture set and thus safe control is applied. Fig. 2.

which we denote qˆ 1 = {a, b, c}, qˆ 2 = {c, b}, qˆ 3 = {b}, and q(0) ˆ = qˆ 1 , is uniquely defined once the set Y and map ˆ = Rˆ Rare defined. For this sake, consider the estimate β(t) 1 t v ˙ (τ)dτ, t ≥ T. For each possible value of q(t), we T t−T 2 ˆ compute the interval in which β(t) must lie. Thus, we have ˆ the following. For q(t) = a, we have that |β(t)−β a | ≤ βa ; for ¯ ¯ ˆ q(t) = c, we have that β(t) ∈ [−d, βa + d]; and for q(t) = b, ¯ βa + d]. ¯ Given this , we ˆ ∈ [−|βb | − d, we have that β(t) ¯ ¯ ˆ have that if β(t) ∈ [−|βb | − d, −d] then necessarily q(t) = b. ¯ 0] then a is not currently possible ˆ ∈ [−d, Similarly, if β(t) and thus we must necessarily have that q(t) ∈ {c, b}. As a consequence, we define Y = {ycb , yb , ǫ} and define for t>T  ¯ 0] and q(t ˆ ∈ [−d,  y if β(t) ˆ − ) = qˆ 1    cb ¯ ¯ and q(t ˆ y(t) =  yb if β(t) ∈ [−|βb | − d, −d] ˆ − ) ∈ {qˆ 1 , qˆ 2 }    ǫ otherwise. Thus, Rˆ is represented in the bottom right diagram of Figure 1. The properties of a mode estimator are satisfied. One can easily verify that Algorithm 1 terminates and that Cˆ qˆ 1 = Pre(qˆ 1 , B), Cˆ qˆ 2 = Pre(qˆ 2 , B), Cˆ qˆ 3 = Pre(qˆ 3 , B). In this case, the set of discrete modes on which Hˆ evolves is a strict subset of 2Q given by Qˆ := {qˆ 1 , qˆ 2 , qˆ 3 }. By virtue of Proposition 5, Assumption 2 is satisfied for all ˆ The sets Pre(qˆ 1 , B), Pre(qˆ 2 , B), and Pre(qˆ 3 , B) can q¯ ∈ Q. be easily calculated with a linear complexity discrete time

algorithm as in each mode the dynamics are given by the parallel composition of two order preserving systems and B is an interval [7]. In particular, these sets are given as Pre(q, ˆ B) = Pre(q, ˆ B)L ∩ Pre(q, ˆ B)H , in which Pre(q, ˆ B)L = {x ∈ X | ∃ t, d˜t s.t. some φ xˆ (t, (x, q), ˆ d˜t , uL , ǫ) ∈ B} and Pre(q, ˆ B)H = {x ∈ X | ∃ t, d˜t s.t. some φ xˆ (t, (x, q), ˆ d˜t , uH , ǫ) ∈ B} (see [17], [4] for more details on these computational techniques). The map πˆ (q, ˆ x) for every mode estimate qˆ is active only when x is on the boundary of Cˆ qˆ and in such a case it makes the continuous state slide on the boundary of Cˆ qˆ [17], [4]. Simulation results for the closed loop system H π are shown in Figure 2. VI. Conclusions In this paper, we have considered the safety control problem for hybrid systems with hidden modes. In accordance to what is performed in games of imperfect information [13], [19], [11], we translated the imperfect information control problem to a perfect information control problem. This new control problem with perfect information has been solved in our earlier work [17]. In this paper, we have focused on proving the equivalence between the two control problems under a weak detectability assumption and an assumption on the structure of the uncontrollable predecessor operator. In our future work, we will incorporate discrete control inputs and continuous state uncertainty into the model. References [1] A. Balluchi, L. Benvenuti, M. D. Di Benedetto S, and A. L. Sangiovanni-vincentelli. Design of observers for hybrid systems. In In Hybrid Systems: Computation and Control, volume 2289 of LNCS, pages 76–89. Springer-Verlag, 2002. [2] D. Del Vecchio. A partial order approach to discrete dynamic feedback in a class of hybrid systems. In Hybrid Systems: Computation and Control, Lecture Notes in Computer Science, vol. 4416, A. Bemporad, A. Bicchi, and G. Buttazzo (Eds.), Springer Verlag, pages 159–173, Pisa, Italy, 2007. [3] D. Del Vecchio. Observer-based control of block triangular discrete time hybrid automata on a partial order. International Journal of Robust and Nonlinear Control, 19(14):1581–1602, 2009. [4] D. Del Vecchio, M. Malisoff, and R. Verma. A separation principle for a class of hybrid automata on a partial order. In American Control Conference, 2009. [5] D. Del Vecchio, R. M. Murray, and E. Klavins. Discrete state estimators for systems on a lattice. Automatica, 42:271–285, 2006. [6] D. Del Vecchio, R. M. Murray, and P. Perona. Primitives for human motion: A dynamical approach. In IFAC World Congress, 2002. [7] M. Hafner and D. Del Vecchio. Computation of safety control for uncertain piecewise continuous systems on a partial order. In Conference on Decision and Control, 2009. [8] T. A. Henzinger and P. W. Kopke. Discrete-time control for rectangular hybrid automata. Theoritical Computer Science, 221:369 – 392, 1999. [9] J.-H. Kim, Y.-W. Kim, and D.-H. Hwang. Modeling of human driving behavior based on piecewise linear model. AUTOMATIKA, 46:29–37, 2005. [10] A. Kurzhanski and P. Varaiya. Ellipsoidal techniques for hybrid dynamics: the rechability problem. In New Directions and Applications in Control Theory, volume 321, pages 193–205, 2005. [11] S. M. LaValle. Planning Algorithms. Cambridge University Press, 1st edition, 2006.

[12] J. Lygeros, C. J. Tomlin, and S. Sastry. Controllers for reachability specifications for hybrid systems. Automatica, 35(3):349 – 370, 1999. [13] J. H. Reif. The complexity of two-player games of incomplete information. Journal of Computer System Sciences, 29(2):274– 301, 1984. [14] C.-E. Seah and I. Hwang. Terminal-area aircraft tracking by hybrid estimation. AIAA Journal of Guidance, Control and Dynamics, 32(3):836–849, 2009. [15] O. Shakernia, G. J. Pappas, and S. Sastry. Semi-decidable synthesis for triangular hybrid ststems. In Hybrid Systems: Computation and Control, volume 2034, pages 949–970. Springer Veralg, 2001. [16] U.S. DOT Joint Program Office ITS. http://www.its.dot.gov. [17] R. Verma and D. Del Vecchio. Continuous control of hybrid automata with imperfect mode information assuming separation between state estimation and control. In Conference on Decision and Control, 2009. [18] R. Verma, D. Del Vecchio, and H. Fathy. Development of a scaled vehicle with longitudinal dynamics of a HMMWV for an ITS testbed. IEEE/ASME Transactions on Mechatronics, 13:46–57, 2008. [19] M. D. Wulf, L. Doyen, and J. F. Raskin. A lattice theory for solving games of imperfect information. In Hybrid Systems: Computation and Control, volume 3927, pages 153–173. Springer-Veralg, 1984.

Appendix Proposition 5: Consider system H and let X = X1 ×X2 with x1 = (x1,1 , ..., x1,n) ∈ X1 and x2 = (x2,1 , ..., x2,m) ∈ X2 . Let q¯ ∈ 2Q and assume that (i) there are f1 : X1 × U → X1 , and f2 : X2 × Q × D → X2 such that f (x, q, u, d) = ( f1 (x1 , u), f2 (x2 , q, d)) for x1 ∈ X1 and x2 ∈ X2 ; (ii) there is f¯2 : X2 × R → X2 such that we have that ¯ | d¯ ∈ D(q)} { f2 (x2 , q, ¯ d) | d ∈ D} = { f¯2 (x2 , d) ¯ for a ¯ suitable set D(q) ¯ ⊂ R and the system x˙2 = f¯2 (x2 , d) ¯ with d ∈ D(q) ¯ is an order preserving system (see [4] for definition of order preserving system); S (iii) D(q) ¯ = q∈q¯ D(q); (iv) B = {(x1 , x2 ) | (x1,1 , x2,1 ) ∈ [L1 , U1 ] × [L2 , U2 ]}. S Then, Pre(q, ¯ B) = q∈q¯ Pre(q, B). Proof: It is enough to show that if ( x¯1 , x¯2 ) ∈ Pre(q, ¯ B), then there is q ∈ q¯ such that ( x¯1 , x¯2 ) ∈ Pre(q, B). If ( x¯1 , x¯2 ) ∈ Pre(q, ¯ B), then for all π there is d¯ ∈ S(D(q)) ¯ and t ≥ 0 such that φπx1,1 (t, x¯1 ) ∈ [L1 , U1 ] and ¯ φ x2,1 (t, x¯2 , d) ∈ [L2 , U2 ] (by (i) and (iv)). Since D(q) ¯ = [dL (q), ¯ dH (q)] ¯ and the flow preserves the ordering with respect to the input by (ii), we have that ¯ ∈ [φ x2,1 (t, x¯2 , dL (q)), y := φ x2,1 (t, x¯2 , d) ¯ φ x2,1 (t, x¯2 , dH (q))]. ¯ S Since D(q) ¯ = D(q) by (iii) we also have q∈ q ¯ S that D(q) ¯ = q∈q¯ [dL (q), dH (q)]. Therefore, we have that [φ x2,1 (t, x¯2 , dL (q)), ¯ φ x2,1 (t, x¯2 , dH (q))] ¯ = S ¯2 , dL (q)), φ x2,1 (t, x¯2 , dH (q))]. As a q∈q¯ [φ x2,1 (t, x consequence, there is q ∈ q¯ such that y ∈ [φ x2,1 (t, x¯2 , dL (q)), φ x2,1 (t, x¯2 , dH (q))]. By the continuity of the flow with respect to the input signal, we have that for all y ∈ [φ x2,1 (t, x¯2 , dL (q)), φ x2,1 (t, x¯2 , dH (q))], there is an input signal d¯ ′ ∈ S([dL (q), dH (q)]) such that φ x2,1 (t, x¯2 , d¯ ′ ) = y. Thus, we can conclude that for all π there is q ∈ q¯ and d¯ ′ ∈ S(D(q)) such that φπx1,1 (t, x¯1 ) ∈ [L1 , U1 ] and φ x2,1 (t, x¯2 , d¯ ′ ) ∈ [L2 , U2 ]. This, in turn, implies that ( x¯1 , x¯2 ) ∈ Pre(q, B).